summaryrefslogtreecommitdiff
path: root/rijndael.c
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-09-14 02:47:33 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-09-14 02:47:33 +0000
commit319fc7353c647aa2703bb6c7f5288fb42f29e705 (patch)
tree6f18bbd9ecb425b951b549a3d01c59308d0bccaf /rijndael.c
parent4213c559ef3d44670c8580cc552d23dce7528bda (diff)
I was promised that this does not need to have endness fix up by Markus.
So I will blindly trust him. =) - markus@cvs.openbsd.org 2001/08/23 11:31:59 [cipher.c cipher.h] switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
Diffstat (limited to 'rijndael.c')
-rw-r--r--rijndael.c1612
1 files changed, 1214 insertions, 398 deletions
diff --git a/rijndael.c b/rijndael.c
index 1b2ff7bf5..b7077a713 100644
--- a/rijndael.c
+++ b/rijndael.c
@@ -1,425 +1,1241 @@
1/* $OpenBSD: rijndael.c,v 1.8 2001/07/30 16:23:30 stevesk Exp $ */ 1/**
2 * rijndael-alg-fst.c
3 *
4 * @version 3.0 (December 2000)
5 *
6 * Optimised ANSI C code for the Rijndael cipher (now AES)
7 *
8 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
9 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
10 * @author Paulo Barreto <paulo.barreto@terra.com.br>
11 *
12 * This code is hereby placed in the public domain.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
18 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
19 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
20 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
21 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
22 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
23 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
24 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26#include <stdlib.h>
27#include <string.h>
2 28
3/* This is an independent implementation of the encryption algorithm: */
4/* */
5/* RIJNDAEL by Joan Daemen and Vincent Rijmen */
6/* */
7/* which is a candidate algorithm in the Advanced Encryption Standard */
8/* programme of the US National Institute of Standards and Technology. */
9
10/*
11 -----------------------------------------------------------------------
12 Copyright (c) 2001 Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK
13
14 TERMS
15
16 Redistribution and use in source and binary forms, with or without
17 modification, are permitted provided that the following conditions
18 are met:
19 1. Redistributions of source code must retain the above copyright
20 notice, this list of conditions and the following disclaimer.
21 2. Redistributions in binary form must reproduce the above copyright
22 notice, this list of conditions and the following disclaimer in the
23 documentation and/or other materials provided with the distribution.
24
25 This software is provided 'as is' with no guarantees of correctness or
26 fitness for purpose.
27 -----------------------------------------------------------------------
28*/
29
30/* Timing data for Rijndael (rijndael.c)
31
32Algorithm: rijndael (rijndael.c)
33
34128 bit key:
35Key Setup: 305/1389 cycles (encrypt/decrypt)
36Encrypt: 374 cycles = 68.4 mbits/sec
37Decrypt: 352 cycles = 72.7 mbits/sec
38Mean: 363 cycles = 70.5 mbits/sec
39
40192 bit key:
41Key Setup: 277/1595 cycles (encrypt/decrypt)
42Encrypt: 439 cycles = 58.3 mbits/sec
43Decrypt: 425 cycles = 60.2 mbits/sec
44Mean: 432 cycles = 59.3 mbits/sec
45
46256 bit key:
47Key Setup: 374/1960 cycles (encrypt/decrypt)
48Encrypt: 502 cycles = 51.0 mbits/sec
49Decrypt: 498 cycles = 51.4 mbits/sec
50Mean: 500 cycles = 51.2 mbits/sec
51
52*/
53
54#include "config.h"
55#include "rijndael.h" 29#include "rijndael.h"
56 30
57void gen_tabs __P((void)); 31#define FULL_UNROLL
58
59/* 3. Basic macros for speeding up generic operations */
60
61/* Circular rotate of 32 bit values */
62
63#define rotr(x,n) (((x) >> ((int)(n))) | ((x) << (32 - (int)(n))))
64#define rotl(x,n) (((x) << ((int)(n))) | ((x) >> (32 - (int)(n))))
65
66/* Invert byte order in a 32 bit variable */
67
68#define bswap(x) ((rotl(x, 8) & 0x00ff00ff) | (rotr(x, 8) & 0xff00ff00))
69
70/* Extract byte from a 32 bit quantity (little endian notation) */
71
72#define byte(x,n) ((u1byte)((x) >> (8 * n)))
73
74#ifdef WORDS_BIGENDIAN
75#define BYTE_SWAP
76#endif
77
78#ifdef BYTE_SWAP
79#define io_swap(x) bswap(x)
80#else
81#define io_swap(x) (x)
82#endif
83
84#define LARGE_TABLES
85
86u1byte pow_tab[256];
87u1byte log_tab[256];
88u1byte sbx_tab[256];
89u1byte isb_tab[256];
90u4byte rco_tab[ 10];
91u4byte ft_tab[4][256];
92u4byte it_tab[4][256];
93
94#ifdef LARGE_TABLES
95 u4byte fl_tab[4][256];
96 u4byte il_tab[4][256];
97#endif
98
99u4byte tab_gen = 0;
100 32
101#define ff_mult(a,b) (a && b ? pow_tab[(log_tab[a] + log_tab[b]) % 255] : 0) 33/*
102 34Te0[x] = S [x].[02, 01, 01, 03];
103#define f_rn(bo, bi, n, k) \ 35Te1[x] = S [x].[03, 02, 01, 01];
104 bo[n] = ft_tab[0][byte(bi[n],0)] ^ \ 36Te2[x] = S [x].[01, 03, 02, 01];
105 ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ 37Te3[x] = S [x].[01, 01, 03, 02];
106 ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 38Te4[x] = S [x].[01, 01, 01, 01];
107 ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) 39
108 40Td0[x] = Si[x].[0e, 09, 0d, 0b];
109#define i_rn(bo, bi, n, k) \ 41Td1[x] = Si[x].[0b, 0e, 09, 0d];
110 bo[n] = it_tab[0][byte(bi[n],0)] ^ \ 42Td2[x] = Si[x].[0d, 0b, 0e, 09];
111 it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ 43Td3[x] = Si[x].[09, 0d, 0b, 0e];
112 it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ 44Td4[x] = Si[x].[01, 01, 01, 01];
113 it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) 45*/
114
115#ifdef LARGE_TABLES
116
117#define ls_box(x) \
118 ( fl_tab[0][byte(x, 0)] ^ \
119 fl_tab[1][byte(x, 1)] ^ \
120 fl_tab[2][byte(x, 2)] ^ \
121 fl_tab[3][byte(x, 3)] )
122
123#define f_rl(bo, bi, n, k) \
124 bo[n] = fl_tab[0][byte(bi[n],0)] ^ \
125 fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
126 fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
127 fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
128
129#define i_rl(bo, bi, n, k) \
130 bo[n] = il_tab[0][byte(bi[n],0)] ^ \
131 il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
132 il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
133 il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
134
135#else
136
137#define ls_box(x) \
138 ((u4byte)sbx_tab[byte(x, 0)] << 0) ^ \
139 ((u4byte)sbx_tab[byte(x, 1)] << 8) ^ \
140 ((u4byte)sbx_tab[byte(x, 2)] << 16) ^ \
141 ((u4byte)sbx_tab[byte(x, 3)] << 24)
142
143#define f_rl(bo, bi, n, k) \
144 bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^ \
145 rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \
146 rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \
147 rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n)
148
149#define i_rl(bo, bi, n, k) \
150 bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^ \
151 rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \
152 rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \
153 rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n)
154
155#endif
156
157void
158gen_tabs(void)
159{
160 u4byte i, t;
161 u1byte p, q;
162
163 /* log and power tables for GF(2**8) finite field with */
164 /* 0x11b as modular polynomial - the simplest prmitive */
165 /* root is 0x11, used here to generate the tables */
166
167 for(i = 0,p = 1; i < 256; ++i) {
168 pow_tab[i] = (u1byte)p; log_tab[p] = (u1byte)i;
169
170 p = p ^ (p << 1) ^ (p & 0x80 ? 0x01b : 0);
171 }
172
173 log_tab[1] = 0; p = 1;
174
175 for(i = 0; i < 10; ++i) {
176 rco_tab[i] = p;
177 46
178 p = (p << 1) ^ (p & 0x80 ? 0x1b : 0); 47static const u32 Te0[256] = {
48 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
49 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
50 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
51 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
52 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
53 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
54 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
55 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
56 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
57 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
58 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
59 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
60 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
61 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
62 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
63 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
64 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
65 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
66 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
67 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
68 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
69 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
70 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
71 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
72 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
73 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
74 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
75 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
76 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
77 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
78 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
79 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
80 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
81 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
82 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
83 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
84 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
85 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
86 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
87 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
88 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
89 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
90 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
91 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
92 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
93 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
94 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
95 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
96 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
97 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
98 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
99 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
100 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
101 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
102 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
103 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
104 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
105 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
106 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
107 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
108 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
109 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
110 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
111 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
112};
113static const u32 Te1[256] = {
114 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
115 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
116 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
117 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
118 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
119 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
120 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
121 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
122 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
123 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
124 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
125 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
126 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
127 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
128 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
129 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
130 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
131 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
132 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
133 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
134 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
135 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
136 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
137 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
138 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
139 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
140 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
141 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
142 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
143 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
144 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
145 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
146 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
147 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
148 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
149 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
150 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
151 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
152 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
153 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
154 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
155 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
156 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
157 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
158 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
159 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
160 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
161 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
162 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
163 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
164 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
165 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
166 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
167 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
168 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
169 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
170 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
171 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
172 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
173 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
174 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
175 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
176 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
177 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
178};
179static const u32 Te2[256] = {
180 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
181 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
182 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
183 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
184 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
185 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
186 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
187 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
188 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
189 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
190 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
191 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
192 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
193 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
194 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
195 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
196 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
197 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
198 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
199 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
200 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
201 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
202 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
203 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
204 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
205 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
206 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
207 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
208 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
209 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
210 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
211 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
212 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
213 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
214 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
215 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
216 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
217 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
218 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
219 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
220 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
221 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
222 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
223 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
224 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
225 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
226 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
227 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
228 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
229 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
230 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
231 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
232 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
233 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
234 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
235 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
236 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
237 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
238 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
239 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
240 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
241 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
242 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
243 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
244};
245static const u32 Te3[256] = {
246
247 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
248 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
249 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
250 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
251 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
252 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
253 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
254 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
255 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
256 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
257 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
258 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
259 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
260 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
261 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
262 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
263 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
264 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
265 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
266 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
267 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
268 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
269 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
270 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
271 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
272 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
273 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
274 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
275 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
276 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
277 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
278 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
279 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
280 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
281 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
282 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
283 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
284 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
285 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
286 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
287 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
288 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
289 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
290 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
291 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
292 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
293 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
294 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
295 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
296 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
297 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
298 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
299 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
300 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
301 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
302 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
303 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
304 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
305 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
306 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
307 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
308 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
309 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
310 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
311};
312static const u32 Te4[256] = {
313 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
314 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
315 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
316 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
317 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
318 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
319 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
320 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
321 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
322 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
323 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
324 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
325 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
326 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
327 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
328 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
329 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
330 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
331 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
332 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
333 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
334 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
335 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
336 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
337 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
338 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
339 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
340 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
341 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
342 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
343 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
344 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
345 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
346 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
347 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
348 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
349 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
350 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
351 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
352 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
353 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
354 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
355 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
356 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
357 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
358 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
359 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
360 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
361 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
362 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
363 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
364 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
365 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
366 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
367 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
368 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
369 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
370 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
371 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
372 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
373 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
374 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
375 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
376 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
377};
378static const u32 Td0[256] = {
379 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
380 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
381 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
382 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
383 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
384 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
385 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
386 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
387 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
388 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
389 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
390 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
391 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
392 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
393 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
394 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
395 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
396 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
397 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
398 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
399 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
400 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
401 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
402 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
403 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
404 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
405 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
406 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
407 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
408 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
409 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
410 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
411 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
412 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
413 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
414 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
415 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
416 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
417 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
418 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
419 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
420 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
421 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
422 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
423 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
424 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
425 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
426 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
427 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
428 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
429 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
430 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
431 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
432 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
433 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
434 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
435 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
436 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
437 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
438 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
439 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
440 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
441 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
442 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
443};
444static const u32 Td1[256] = {
445 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
446 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
447 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
448 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
449 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
450 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
451 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
452 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
453 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
454 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
455 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
456 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
457 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
458 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
459 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
460 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
461 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
462 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
463 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
464 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
465 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
466 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
467 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
468 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
469 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
470 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
471 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
472 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
473 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
474 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
475 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
476 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
477 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
478 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
479 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
480 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
481 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
482 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
483 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
484 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
485 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
486 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
487 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
488 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
489 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
490 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
491 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
492 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
493 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
494 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
495 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
496 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
497 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
498 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
499 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
500 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
501 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
502 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
503 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
504 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
505 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
506 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
507 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
508 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
509};
510static const u32 Td2[256] = {
511 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
512 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
513 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
514 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
515 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
516 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
517 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
518 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
519 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
520 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
521 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
522 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
523 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
524 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
525 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
526 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
527 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
528 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
529 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
530 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
531
532 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
533 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
534 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
535 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
536 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
537 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
538 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
539 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
540 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
541 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
542 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
543 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
544 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
545 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
546 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
547 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
548 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
549 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
550 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
551 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
552 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
553 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
554 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
555 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
556 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
557 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
558 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
559 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
560 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
561 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
562 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
563 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
564 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
565 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
566 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
567 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
568 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
569 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
570 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
571 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
572 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
573 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
574 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
575 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
576};
577static const u32 Td3[256] = {
578 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
579 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
580 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
581 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
582 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
583 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
584 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
585 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
586 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
587 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
588 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
589 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
590 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
591 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
592 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
593 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
594 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
595 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
596 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
597 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
598 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
599 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
600 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
601 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
602 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
603 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
604 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
605 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
606 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
607 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
608 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
609 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
610 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
611 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
612 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
613 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
614 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
615 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
616 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
617 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
618 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
619 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
620 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
621 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
622 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
623 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
624 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
625 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
626 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
627 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
628 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
629 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
630 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
631 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
632 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
633 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
634 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
635 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
636 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
637 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
638 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
639 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
640 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
641 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
642};
643static const u32 Td4[256] = {
644 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
645 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
646 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
647 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
648 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
649 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
650 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
651 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
652 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
653 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
654 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
655 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
656 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
657 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
658 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
659 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
660 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
661 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
662 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
663 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
664 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
665 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
666 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
667 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
668 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
669 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
670 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
671 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
672 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
673 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
674 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
675 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
676 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
677 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
678 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
679 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
680 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
681 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
682 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
683 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
684 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
685 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
686 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
687 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
688 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
689 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
690 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
691 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
692 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
693 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
694 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
695 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
696 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
697 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
698 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
699 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
700 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
701 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
702 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
703 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
704 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
705 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
706 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
707 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
708};
709static const u32 rcon[] = {
710 0x01000000, 0x02000000, 0x04000000, 0x08000000,
711 0x10000000, 0x20000000, 0x40000000, 0x80000000,
712 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
713};
714
715#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
716#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
717
718/**
719 * Expand the cipher key into the encryption key schedule.
720 *
721 * @return the number of rounds for the given cipher key size.
722 */
723static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) {
724 int i = 0;
725 u32 temp;
726
727 rk[0] = GETU32(cipherKey );
728 rk[1] = GETU32(cipherKey + 4);
729 rk[2] = GETU32(cipherKey + 8);
730 rk[3] = GETU32(cipherKey + 12);
731 if (keyBits == 128) {
732 for (;;) {
733 temp = rk[3];
734 rk[4] = rk[0] ^
735 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
736 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
737 (Te4[(temp ) & 0xff] & 0x0000ff00) ^
738 (Te4[(temp >> 24) ] & 0x000000ff) ^
739 rcon[i];
740 rk[5] = rk[1] ^ rk[4];
741 rk[6] = rk[2] ^ rk[5];
742 rk[7] = rk[3] ^ rk[6];
743 if (++i == 10) {
744 return 10;
745 }
746 rk += 4;
747 }
179 } 748 }
180 749 rk[4] = GETU32(cipherKey + 16);
181 /* note that the affine byte transformation matrix in */ 750 rk[5] = GETU32(cipherKey + 20);
182 /* rijndael specification is in big endian format with */ 751 if (keyBits == 192) {
183 /* bit 0 as the most significant bit. In the remainder */ 752 for (;;) {
184 /* of the specification the bits are numbered from the */ 753 temp = rk[ 5];
185 /* least significant end of a byte. */ 754 rk[ 6] = rk[ 0] ^
186 755 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
187 for(i = 0; i < 256; ++i) { 756 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
188 p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p; 757 (Te4[(temp ) & 0xff] & 0x0000ff00) ^
189 q = (q >> 7) | (q << 1); p ^= q; 758 (Te4[(temp >> 24) ] & 0x000000ff) ^
190 q = (q >> 7) | (q << 1); p ^= q; 759 rcon[i];
191 q = (q >> 7) | (q << 1); p ^= q; 760 rk[ 7] = rk[ 1] ^ rk[ 6];
192 q = (q >> 7) | (q << 1); p ^= q ^ 0x63; 761 rk[ 8] = rk[ 2] ^ rk[ 7];
193 sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i; 762 rk[ 9] = rk[ 3] ^ rk[ 8];
763 if (++i == 8) {
764 return 12;
765 }
766 rk[10] = rk[ 4] ^ rk[ 9];
767 rk[11] = rk[ 5] ^ rk[10];
768 rk += 6;
769 }
194 } 770 }
195 771 rk[6] = GETU32(cipherKey + 24);
196 for(i = 0; i < 256; ++i) { 772 rk[7] = GETU32(cipherKey + 28);
197 p = sbx_tab[i]; 773 if (keyBits == 256) {
198 774 for (;;) {
199#ifdef LARGE_TABLES 775 temp = rk[ 7];
200 776 rk[ 8] = rk[ 0] ^
201 t = p; fl_tab[0][i] = t; 777 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
202 fl_tab[1][i] = rotl(t, 8); 778 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
203 fl_tab[2][i] = rotl(t, 16); 779 (Te4[(temp ) & 0xff] & 0x0000ff00) ^
204 fl_tab[3][i] = rotl(t, 24); 780 (Te4[(temp >> 24) ] & 0x000000ff) ^
205#endif 781 rcon[i];
206 t = ((u4byte)ff_mult(2, p)) | 782 rk[ 9] = rk[ 1] ^ rk[ 8];
207 ((u4byte)p << 8) | 783 rk[10] = rk[ 2] ^ rk[ 9];
208 ((u4byte)p << 16) | 784 rk[11] = rk[ 3] ^ rk[10];
209 ((u4byte)ff_mult(3, p) << 24); 785 if (++i == 7) {
210 786 return 14;
211 ft_tab[0][i] = t; 787 }
212 ft_tab[1][i] = rotl(t, 8); 788 temp = rk[11];
213 ft_tab[2][i] = rotl(t, 16); 789 rk[12] = rk[ 4] ^
214 ft_tab[3][i] = rotl(t, 24); 790 (Te4[(temp >> 24) ] & 0xff000000) ^
215 791 (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
216 p = isb_tab[i]; 792 (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
217 793 (Te4[(temp ) & 0xff] & 0x000000ff);
218#ifdef LARGE_TABLES 794 rk[13] = rk[ 5] ^ rk[12];
219 795 rk[14] = rk[ 6] ^ rk[13];
220 t = p; il_tab[0][i] = t; 796 rk[15] = rk[ 7] ^ rk[14];
221 il_tab[1][i] = rotl(t, 8); 797
222 il_tab[2][i] = rotl(t, 16); 798 rk += 8;
223 il_tab[3][i] = rotl(t, 24); 799 }
224#endif
225 t = ((u4byte)ff_mult(14, p)) |
226 ((u4byte)ff_mult( 9, p) << 8) |
227 ((u4byte)ff_mult(13, p) << 16) |
228 ((u4byte)ff_mult(11, p) << 24);
229
230 it_tab[0][i] = t;
231 it_tab[1][i] = rotl(t, 8);
232 it_tab[2][i] = rotl(t, 16);
233 it_tab[3][i] = rotl(t, 24);
234 } 800 }
235 801 return 0;
236 tab_gen = 1;
237} 802}
238 803
239#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b) 804/**
240 805 * Expand the cipher key into the decryption key schedule.
241#define imix_col(y,x) \ 806 *
242 u = star_x(x); \ 807 * @return the number of rounds for the given cipher key size.
243 v = star_x(u); \ 808 */
244 w = star_x(v); \ 809static int
245 t = w ^ (x); \ 810rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits,
246 (y) = u ^ v ^ w; \ 811 int have_encrypt) {
247 (y) ^= rotr(u ^ t, 8) ^ \ 812 int Nr, i, j;
248 rotr(v ^ t, 16) ^ \ 813 u32 temp;
249 rotr(t,24) 814
250 815 if (have_encrypt) {
251/* initialise the key schedule from the user supplied key */ 816 Nr = have_encrypt;
252 817 } else {
253#define loop4(i) \ 818 /* expand the cipher key: */
254{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ 819 Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
255 t ^= e_key[4 * i]; e_key[4 * i + 4] = t; \ 820 }
256 t ^= e_key[4 * i + 1]; e_key[4 * i + 5] = t; \ 821 /* invert the order of the round keys: */
257 t ^= e_key[4 * i + 2]; e_key[4 * i + 6] = t; \ 822 for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
258 t ^= e_key[4 * i + 3]; e_key[4 * i + 7] = t; \ 823 temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
824 temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
825 temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
826 temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
827 }
828 /* apply the inverse MixColumn transform to all round keys but the first and the last: */
829 for (i = 1; i < Nr; i++) {
830 rk += 4;
831 rk[0] =
832 Td0[Te4[(rk[0] >> 24) ] & 0xff] ^
833 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
834 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
835 Td3[Te4[(rk[0] ) & 0xff] & 0xff];
836 rk[1] =
837 Td0[Te4[(rk[1] >> 24) ] & 0xff] ^
838 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
839 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
840 Td3[Te4[(rk[1] ) & 0xff] & 0xff];
841 rk[2] =
842 Td0[Te4[(rk[2] >> 24) ] & 0xff] ^
843 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
844 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
845 Td3[Te4[(rk[2] ) & 0xff] & 0xff];
846 rk[3] =
847 Td0[Te4[(rk[3] >> 24) ] & 0xff] ^
848 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
849 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
850 Td3[Te4[(rk[3] ) & 0xff] & 0xff];
851 }
852 return Nr;
259} 853}
260 854
261#define loop6(i) \ 855static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) {
262{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ 856 u32 s0, s1, s2, s3, t0, t1, t2, t3;
263 t ^= e_key[6 * i]; e_key[6 * i + 6] = t; \ 857#ifndef FULL_UNROLL
264 t ^= e_key[6 * i + 1]; e_key[6 * i + 7] = t; \ 858 int r;
265 t ^= e_key[6 * i + 2]; e_key[6 * i + 8] = t; \ 859#endif /* ?FULL_UNROLL */
266 t ^= e_key[6 * i + 3]; e_key[6 * i + 9] = t; \ 860
267 t ^= e_key[6 * i + 4]; e_key[6 * i + 10] = t; \ 861 /*
268 t ^= e_key[6 * i + 5]; e_key[6 * i + 11] = t; \ 862 * map byte array block to cipher state
863 * and add initial round key:
864 */
865 s0 = GETU32(pt ) ^ rk[0];
866 s1 = GETU32(pt + 4) ^ rk[1];
867 s2 = GETU32(pt + 8) ^ rk[2];
868 s3 = GETU32(pt + 12) ^ rk[3];
869#ifdef FULL_UNROLL
870 /* round 1: */
871 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
872 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
873 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
874 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
875 /* round 2: */
876 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
877 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
878 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
879 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
880 /* round 3: */
881 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
882 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
883 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
884 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
885 /* round 4: */
886 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
887 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
888 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
889 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
890 /* round 5: */
891 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
892 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
893 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
894 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
895 /* round 6: */
896 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
897 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
898 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
899 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
900 /* round 7: */
901 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
902 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
903 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
904 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
905 /* round 8: */
906 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
907 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
908 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
909 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
910 /* round 9: */
911 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
912 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
913 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
914 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
915 if (Nr > 10) {
916 /* round 10: */
917 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
918 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
919 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
920 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
921 /* round 11: */
922 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
923 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
924 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
925 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
926 if (Nr > 12) {
927 /* round 12: */
928 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
929 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
930 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
931 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
932 /* round 13: */
933 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
934 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
935 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
936 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
937 }
938 }
939 rk += Nr << 2;
940#else /* !FULL_UNROLL */
941 /*
942 * Nr - 1 full rounds:
943 */
944 r = Nr >> 1;
945 for (;;) {
946 t0 =
947 Te0[(s0 >> 24) ] ^
948 Te1[(s1 >> 16) & 0xff] ^
949 Te2[(s2 >> 8) & 0xff] ^
950 Te3[(s3 ) & 0xff] ^
951 rk[4];
952 t1 =
953 Te0[(s1 >> 24) ] ^
954 Te1[(s2 >> 16) & 0xff] ^
955 Te2[(s3 >> 8) & 0xff] ^
956 Te3[(s0 ) & 0xff] ^
957 rk[5];
958 t2 =
959 Te0[(s2 >> 24) ] ^
960 Te1[(s3 >> 16) & 0xff] ^
961 Te2[(s0 >> 8) & 0xff] ^
962 Te3[(s1 ) & 0xff] ^
963 rk[6];
964 t3 =
965 Te0[(s3 >> 24) ] ^
966 Te1[(s0 >> 16) & 0xff] ^
967 Te2[(s1 >> 8) & 0xff] ^
968 Te3[(s2 ) & 0xff] ^
969 rk[7];
970
971 rk += 8;
972 if (--r == 0) {
973 break;
974 }
975
976 s0 =
977 Te0[(t0 >> 24) ] ^
978 Te1[(t1 >> 16) & 0xff] ^
979 Te2[(t2 >> 8) & 0xff] ^
980 Te3[(t3 ) & 0xff] ^
981 rk[0];
982 s1 =
983 Te0[(t1 >> 24) ] ^
984 Te1[(t2 >> 16) & 0xff] ^
985 Te2[(t3 >> 8) & 0xff] ^
986 Te3[(t0 ) & 0xff] ^
987 rk[1];
988 s2 =
989 Te0[(t2 >> 24) ] ^
990 Te1[(t3 >> 16) & 0xff] ^
991 Te2[(t0 >> 8) & 0xff] ^
992 Te3[(t1 ) & 0xff] ^
993 rk[2];
994 s3 =
995 Te0[(t3 >> 24) ] ^
996 Te1[(t0 >> 16) & 0xff] ^
997 Te2[(t1 >> 8) & 0xff] ^
998 Te3[(t2 ) & 0xff] ^
999 rk[3];
1000 }
1001#endif /* ?FULL_UNROLL */
1002 /*
1003 * apply last round and
1004 * map cipher state to byte array block:
1005 */
1006 s0 =
1007 (Te4[(t0 >> 24) ] & 0xff000000) ^
1008 (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1009 (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1010 (Te4[(t3 ) & 0xff] & 0x000000ff) ^
1011 rk[0];
1012 PUTU32(ct , s0);
1013 s1 =
1014 (Te4[(t1 >> 24) ] & 0xff000000) ^
1015 (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1016 (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1017 (Te4[(t0 ) & 0xff] & 0x000000ff) ^
1018 rk[1];
1019 PUTU32(ct + 4, s1);
1020 s2 =
1021 (Te4[(t2 >> 24) ] & 0xff000000) ^
1022 (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1023 (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1024 (Te4[(t1 ) & 0xff] & 0x000000ff) ^
1025 rk[2];
1026 PUTU32(ct + 8, s2);
1027 s3 =
1028 (Te4[(t3 >> 24) ] & 0xff000000) ^
1029 (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1030 (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1031 (Te4[(t2 ) & 0xff] & 0x000000ff) ^
1032 rk[3];
1033 PUTU32(ct + 12, s3);
269} 1034}
270 1035
271#define loop8(i) \ 1036static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) {
272{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ 1037 u32 s0, s1, s2, s3, t0, t1, t2, t3;
273 t ^= e_key[8 * i]; e_key[8 * i + 8] = t; \ 1038#ifndef FULL_UNROLL
274 t ^= e_key[8 * i + 1]; e_key[8 * i + 9] = t; \ 1039 int r;
275 t ^= e_key[8 * i + 2]; e_key[8 * i + 10] = t; \ 1040#endif /* ?FULL_UNROLL */
276 t ^= e_key[8 * i + 3]; e_key[8 * i + 11] = t; \ 1041
277 t = e_key[8 * i + 4] ^ ls_box(t); \ 1042 /*
278 e_key[8 * i + 12] = t; \ 1043 * map byte array block to cipher state
279 t ^= e_key[8 * i + 5]; e_key[8 * i + 13] = t; \ 1044 * and add initial round key:
280 t ^= e_key[8 * i + 6]; e_key[8 * i + 14] = t; \ 1045 */
281 t ^= e_key[8 * i + 7]; e_key[8 * i + 15] = t; \ 1046 s0 = GETU32(ct ) ^ rk[0];
1047 s1 = GETU32(ct + 4) ^ rk[1];
1048 s2 = GETU32(ct + 8) ^ rk[2];
1049 s3 = GETU32(ct + 12) ^ rk[3];
1050#ifdef FULL_UNROLL
1051 /* round 1: */
1052 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
1053 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
1054 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
1055 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
1056 /* round 2: */
1057 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
1058 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
1059 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
1060 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
1061 /* round 3: */
1062 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
1063 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
1064 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
1065 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
1066 /* round 4: */
1067 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
1068 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
1069 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
1070 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
1071 /* round 5: */
1072 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
1073 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
1074 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
1075 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
1076 /* round 6: */
1077 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
1078 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
1079 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
1080 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
1081 /* round 7: */
1082 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
1083 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
1084 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
1085 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
1086 /* round 8: */
1087 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
1088 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
1089 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
1090 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
1091 /* round 9: */
1092 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
1093 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
1094 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
1095 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
1096 if (Nr > 10) {
1097 /* round 10: */
1098 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
1099 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
1100 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
1101 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
1102 /* round 11: */
1103 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
1104 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
1105 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
1106 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
1107 if (Nr > 12) {
1108 /* round 12: */
1109 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
1110 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
1111 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
1112 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
1113 /* round 13: */
1114 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
1115 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
1116 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
1117 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
1118 }
1119 }
1120 rk += Nr << 2;
1121#else /* !FULL_UNROLL */
1122 /*
1123 * Nr - 1 full rounds:
1124 */
1125 r = Nr >> 1;
1126 for (;;) {
1127 t0 =
1128 Td0[(s0 >> 24) ] ^
1129 Td1[(s3 >> 16) & 0xff] ^
1130 Td2[(s2 >> 8) & 0xff] ^
1131 Td3[(s1 ) & 0xff] ^
1132 rk[4];
1133 t1 =
1134 Td0[(s1 >> 24) ] ^
1135 Td1[(s0 >> 16) & 0xff] ^
1136 Td2[(s3 >> 8) & 0xff] ^
1137 Td3[(s2 ) & 0xff] ^
1138 rk[5];
1139 t2 =
1140 Td0[(s2 >> 24) ] ^
1141 Td1[(s1 >> 16) & 0xff] ^
1142 Td2[(s0 >> 8) & 0xff] ^
1143 Td3[(s3 ) & 0xff] ^
1144 rk[6];
1145 t3 =
1146 Td0[(s3 >> 24) ] ^
1147 Td1[(s2 >> 16) & 0xff] ^
1148 Td2[(s1 >> 8) & 0xff] ^
1149 Td3[(s0 ) & 0xff] ^
1150 rk[7];
1151
1152 rk += 8;
1153 if (--r == 0) {
1154 break;
1155 }
1156
1157 s0 =
1158 Td0[(t0 >> 24) ] ^
1159 Td1[(t3 >> 16) & 0xff] ^
1160 Td2[(t2 >> 8) & 0xff] ^
1161 Td3[(t1 ) & 0xff] ^
1162 rk[0];
1163 s1 =
1164 Td0[(t1 >> 24) ] ^
1165 Td1[(t0 >> 16) & 0xff] ^
1166 Td2[(t3 >> 8) & 0xff] ^
1167 Td3[(t2 ) & 0xff] ^
1168 rk[1];
1169 s2 =
1170 Td0[(t2 >> 24) ] ^
1171 Td1[(t1 >> 16) & 0xff] ^
1172 Td2[(t0 >> 8) & 0xff] ^
1173 Td3[(t3 ) & 0xff] ^
1174 rk[2];
1175 s3 =
1176 Td0[(t3 >> 24) ] ^
1177 Td1[(t2 >> 16) & 0xff] ^
1178 Td2[(t1 >> 8) & 0xff] ^
1179 Td3[(t0 ) & 0xff] ^
1180 rk[3];
1181 }
1182#endif /* ?FULL_UNROLL */
1183 /*
1184 * apply last round and
1185 * map cipher state to byte array block:
1186 */
1187 s0 =
1188 (Td4[(t0 >> 24) ] & 0xff000000) ^
1189 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1190 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1191 (Td4[(t1 ) & 0xff] & 0x000000ff) ^
1192 rk[0];
1193 PUTU32(pt , s0);
1194 s1 =
1195 (Td4[(t1 >> 24) ] & 0xff000000) ^
1196 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1197 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1198 (Td4[(t2 ) & 0xff] & 0x000000ff) ^
1199 rk[1];
1200 PUTU32(pt + 4, s1);
1201 s2 =
1202 (Td4[(t2 >> 24) ] & 0xff000000) ^
1203 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1204 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1205 (Td4[(t3 ) & 0xff] & 0x000000ff) ^
1206 rk[2];
1207 PUTU32(pt + 8, s2);
1208 s3 =
1209 (Td4[(t3 >> 24) ] & 0xff000000) ^
1210 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1211 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1212 (Td4[(t0 ) & 0xff] & 0x000000ff) ^
1213 rk[3];
1214 PUTU32(pt + 12, s3);
282} 1215}
283 1216
284rijndael_ctx * 1217void
285rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len, 1218rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt)
286 int encrypt)
287{ 1219{
288 u4byte i, t, u, v, w; 1220 ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
289 u4byte *e_key = ctx->e_key; 1221 if (encrypt) {
290 u4byte *d_key = ctx->d_key; 1222 ctx->decrypt = 0;
291 1223 memset(ctx->dk, 0, sizeof(ctx->dk));
292 ctx->decrypt = !encrypt; 1224 } else {
293 1225 ctx->decrypt = 1;
294 if(!tab_gen) 1226 memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek));
295 gen_tabs(); 1227 rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
296
297 ctx->k_len = (key_len + 31) / 32;
298
299 e_key[0] = io_swap(in_key[0]); e_key[1] = io_swap(in_key[1]);
300 e_key[2] = io_swap(in_key[2]); e_key[3] = io_swap(in_key[3]);
301
302 switch(ctx->k_len) {
303 case 4: t = e_key[3];
304 for(i = 0; i < 10; ++i)
305 loop4(i);
306 break;
307
308 case 6: e_key[4] = io_swap(in_key[4]); t = e_key[5] = io_swap(in_key[5]);
309 for(i = 0; i < 8; ++i)
310 loop6(i);
311 break;
312
313 case 8: e_key[4] = io_swap(in_key[4]); e_key[5] = io_swap(in_key[5]);
314 e_key[6] = io_swap(in_key[6]); t = e_key[7] = io_swap(in_key[7]);
315 for(i = 0; i < 7; ++i)
316 loop8(i);
317 break;
318 } 1228 }
319
320 if (!encrypt) {
321 d_key[0] = e_key[0]; d_key[1] = e_key[1];
322 d_key[2] = e_key[2]; d_key[3] = e_key[3];
323
324 for(i = 4; i < 4 * ctx->k_len + 24; ++i) {
325 imix_col(d_key[i], e_key[i]);
326 }
327 }
328
329 return ctx;
330} 1229}
331 1230
332/* encrypt a block of text */
333
334#define f_nround(bo, bi, k) \
335 f_rn(bo, bi, 0, k); \
336 f_rn(bo, bi, 1, k); \
337 f_rn(bo, bi, 2, k); \
338 f_rn(bo, bi, 3, k); \
339 k += 4
340
341#define f_lround(bo, bi, k) \
342 f_rl(bo, bi, 0, k); \
343 f_rl(bo, bi, 1, k); \
344 f_rl(bo, bi, 2, k); \
345 f_rl(bo, bi, 3, k)
346
347void 1231void
348rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk) 1232rijndael_decrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)
349{ 1233{
350 u4byte k_len = ctx->k_len; 1234 rijndaelDecrypt(ctx->dk, ctx->Nr, src, dst);
351 u4byte *e_key = ctx->e_key;
352 u4byte b0[4], b1[4], *kp;
353
354 b0[0] = io_swap(in_blk[0]) ^ e_key[0];
355 b0[1] = io_swap(in_blk[1]) ^ e_key[1];
356 b0[2] = io_swap(in_blk[2]) ^ e_key[2];
357 b0[3] = io_swap(in_blk[3]) ^ e_key[3];
358
359 kp = e_key + 4;
360
361 if(k_len > 6) {
362 f_nround(b1, b0, kp); f_nround(b0, b1, kp);
363 }
364
365 if(k_len > 4) {
366 f_nround(b1, b0, kp); f_nround(b0, b1, kp);
367 }
368
369 f_nround(b1, b0, kp); f_nround(b0, b1, kp);
370 f_nround(b1, b0, kp); f_nround(b0, b1, kp);
371 f_nround(b1, b0, kp); f_nround(b0, b1, kp);
372 f_nround(b1, b0, kp); f_nround(b0, b1, kp);
373 f_nround(b1, b0, kp); f_lround(b0, b1, kp);
374
375 out_blk[0] = io_swap(b0[0]); out_blk[1] = io_swap(b0[1]);
376 out_blk[2] = io_swap(b0[2]); out_blk[3] = io_swap(b0[3]);
377} 1235}
378 1236
379/* decrypt a block of text */
380
381#define i_nround(bo, bi, k) \
382 i_rn(bo, bi, 0, k); \
383 i_rn(bo, bi, 1, k); \
384 i_rn(bo, bi, 2, k); \
385 i_rn(bo, bi, 3, k); \
386 k -= 4
387
388#define i_lround(bo, bi, k) \
389 i_rl(bo, bi, 0, k); \
390 i_rl(bo, bi, 1, k); \
391 i_rl(bo, bi, 2, k); \
392 i_rl(bo, bi, 3, k)
393
394void 1237void
395rijndael_decrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk) 1238rijndael_encrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)
396{ 1239{
397 u4byte b0[4], b1[4], *kp; 1240 rijndaelEncrypt(ctx->ek, ctx->Nr, src, dst);
398 u4byte k_len = ctx->k_len;
399 u4byte *e_key = ctx->e_key;
400 u4byte *d_key = ctx->d_key;
401
402 b0[0] = io_swap(in_blk[0]) ^ e_key[4 * k_len + 24];
403 b0[1] = io_swap(in_blk[1]) ^ e_key[4 * k_len + 25];
404 b0[2] = io_swap(in_blk[2]) ^ e_key[4 * k_len + 26];
405 b0[3] = io_swap(in_blk[3]) ^ e_key[4 * k_len + 27];
406
407 kp = d_key + 4 * (k_len + 5);
408
409 if(k_len > 6) {
410 i_nround(b1, b0, kp); i_nround(b0, b1, kp);
411 }
412
413 if(k_len > 4) {
414 i_nround(b1, b0, kp); i_nround(b0, b1, kp);
415 }
416
417 i_nround(b1, b0, kp); i_nround(b0, b1, kp);
418 i_nround(b1, b0, kp); i_nround(b0, b1, kp);
419 i_nround(b1, b0, kp); i_nround(b0, b1, kp);
420 i_nround(b1, b0, kp); i_nround(b0, b1, kp);
421 i_nround(b1, b0, kp); i_lround(b0, b1, kp);
422
423 out_blk[0] = io_swap(b0[0]); out_blk[1] = io_swap(b0[1]);
424 out_blk[2] = io_swap(b0[2]); out_blk[3] = io_swap(b0[3]);
425} 1241}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-03 05:23:09 +0000